[CentOS-devel] testing SecureBoot

Sat Jun 21 00:44:55 UTC 2014
Karanbir Singh <mail-lists at karan.org>

Hi,

As a part of what we are doing in the project - and something we want to
extend to all content built + signed + delivered via the project
resources - I've been working on secureboot facilities and getting the
infra around it online.

After a bit of hop, step and jump ( and lots of help from Peter Jones at
Red Hat ), I've got a baseline test run complete today. This compose is
based on a newer-than-GA kernel, so dont stress too far about that, the
release media will contain the GA kernel.

You can find the tree here :
http://buildlogs.centos.org/centos/7/os/x86_64-secureboot/

The tree itself is based on the last good tree we pushed on the 18th June.

Please test secureboot widely, its something new, its something we are
doing differently than most of the other distro's out there at the
moment ( but they will mostly all be doing it like this soon ).

This new process is using an EV Code Signing key, validated by Microsoft
rather than the first-gen system ( where people would setup their own CA
root and request validation ).

Feedback here and/or at bugs.centos.org,

thanks,

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc